Hi,

Pro:
- secure by default: you do not miss one variable because you have to
explicitly disable it for a variable. I would prefer a little more
verbose syntax like: {{ variable|noescape }}.

Con:
- explicit escaping is better than implicit escaping (no magic behind
the scenes)

I like your idea of explicitly turning it on or off globally in the
settings. In addition to that idea I would suggest an option to set the
behaviour for a whole Template, something like:

tmpl = loader.get_template('example.csv')
tmpl.auto_escape = False
tmpl.render(context)

You could also skip the idea of globally enabled escaping, and only do
it per template as described above. I'm not sure what I like the most.

Rudolph
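
A minimal sketch of the two ideas in this message, added here as an example (it is not part of the original post and is not Django's code): escaping by default with a `{{ variable|noescape }}` opt-out, and a per-template `auto_escape` switch. The `MiniTemplate` class and the sample context are hypothetical and constructed for illustration.

```python
import html
import re

# Matches {{ name }} or {{ name|filter }}, the syntax used in the message.
_VAR = re.compile(r"\{\{\s*(\w+)\s*(?:\|\s*(\w+)\s*)?\}\}")


class MiniTemplate:
    """Toy renderer (hypothetical; not Django's Template class)."""

    def __init__(self, source, auto_escape=True):
        self.source = source
        self.auto_escape = auto_escape  # per-template switch proposed above

    def render(self, context):
        def substitute(match):
            name, flt = match.group(1), match.group(2)
            if flt not in (None, "noescape"):
                raise ValueError(f"unknown filter: {flt}")
            value = str(context.get(name, ""))
            # Escape unless this variable or the whole template opted out.
            if self.auto_escape and flt != "noescape":
                return html.escape(value, quote=True)
            return value

        return _VAR.sub(substitute, self.source)


# Constructed sample data: one hostile value, one value with '&', one trusted.
CONTEXT = {
    "name": "<script>alert(1)</script>",
    "company": "Smith & Sons",
    "trusted_html": "<b>verified</b>",
}


def demo():
    # HTML page: escaped by default, one explicit opt-out.
    page = MiniTemplate("<p>{{ name }}</p> {{ trusted_html|noescape }}")
    # CSV export: HTML entities would corrupt the data, so switch it off.
    csv = MiniTemplate("{{ company }},{{ name }}\n")
    csv.auto_escape = False
    # Caveat: the same switch on an HTML template unprotects every variable.
    unsafe = MiniTemplate("<p>{{ name }}</p>")
    unsafe.auto_escape = False
    return page.render(CONTEXT), csv.render(CONTEXT), unsafe.render(CONTEXT)


if __name__ == "__main__":
    for rendered in demo():
        print(repr(rendered))
```

The third result shows why a per-template switch needs the same review attention as a per-variable opt-out: it disables escaping for all variables in that template at once.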


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-developers
-~----------~----~----~----~------~----~------~--~---
